Cisco ASA5505 won't sync with NTP

Short answer

If you need to sync Cisco boxes to these Win2008 servers, disable the w32time service and install an NTPv4 server for Windows. This is the free Meinberg ntpv4 for windows.

If you don't want to disable w32time for whatever reason, you can host ntpd on a (u|li)nux server, sync that ntpd to an external ntp pool (such as a server from pool.ntp.org), and then point your ASAs to this reference.

Longer answer

This is the key from your info captures above:

10.10.0.1 configured, insane, invalid, stratum 1

Essentially, you might not be able to sync an IOS machine or ASA to a w32time service in Windows; for an authoritative link, see This article on Cisco's support forum.

It is possible to get too much root dispersion in a w32time service. Microsoft also acknowledges this limitation; KB939322 points out that you can only get a couple of seconds of precision from w32time.

A bug was filed against this in IOS years ago and got junked by Cisco.

CSCed13703

Externally found moderate defect: Junked (J) NTP will not sync, flags server as insane, invalid

Release-note:

An IOS system may be unable to synchronize to an NTP server despite being able to transmit to and receive packets from the server. This may be seen with a Windows system running the w32time service.

'show ntp associations detail" will show that the server is flagged as "insane, invalid". The "root dispersion" value will be seen as being in excess of 1000 ms, which will cause the IOS NTP implementation to reject the association.